Freeradius realm using multiple sql and virtual server

Philemon Jaomalaza philemon.jaomalaza at gmail.com
Sat Jun 23 18:30:40 CEST 2018


All packets come from different NASes, and each NAS must authenticate its users against a specific database. I thought a virtual server would select which database I should use, because I saw that it calls the sql modules, and I would configure sql1 on virtual_server1, sql2 on virtual_server2, and so on.

My global scenario is:

- Currently, I have several virtual machines, each running FreeRADIUS and using a database managed by daloRADIUS for AAA, with one NAS per VM.
- I want to move all the databases to a single dedicated server that runs one FreeRADIUS using multiple databases. I want each NAS to authenticate its users against a specific database. I think I can select the database by using the virtual server and selecting by realm,
like this:
NAS1-----> userfromnas1 at realm1------virtual_server---->database1
NAS2 ----userfromnas2 at realm2------virtual_server2-------> database2

What is the best scenario for this feature?


Philemon Jaomalaza

-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+philemon.jaomalaza=gmail.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Saturday, June 23, 2018 17:17
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: Freeradius realm using multiple sql and virtual server

On Jun 23, 2018, at 8:30 AM, Philemon Jaomalaza <philemon.jaomalaza at gmail.com> wrote:
> 
> For the moment, for each virtual server, I created a virtual server, its realm and its sql module, but actually I do not know how to link them.

  Realms are global, as are modules.

> where should I add:
> if realm1
> sql1
> elsif realm2
> sql2
> elsif realm3
> sql3
> else
> sql
> 
> in the /freeradius/3.0/proxy.conf or in the /freeradius/3.0/mods-available/sql module?

  No.  The "if  / else" unlang keywords *cannot* go into proxy.conf or into a module configuration.  They can *only* appear inside of a virtual server "authorize", etc. section.

  If you created a virtual server, why?  How do you think that requests from the client get sent to a virtual server?

  Read raddb/sites-available/README.  This documents how virtual servers work.

  If all packets are coming from one NAS, then virtual servers are not the answer.  If each realm comes from a different NAS, then you can use virtual servers.

  Alan DeKok.
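
The layout discussed in this thread, as an added example that is not part of the original messages or of the FreeRADIUS distribution: each NAS is bound to a virtual server in clients.conf, and each virtual server calls its own named sql instance. The client names, addresses, secrets, database names and virtual server names are assumptions; the file layout assumes FreeRADIUS 3.0.

```conf
# clients.conf: bind each NAS to its own virtual server.
# Addresses, secrets and all names below are constructed placeholders.
client nas1 {
    ipaddr         = 192.0.2.10
    secret         = CHANGE_ME_NAS1
    virtual_server = vs_realm1
}
client nas2 {
    ipaddr         = 192.0.2.20
    secret         = CHANGE_ME_NAS2
    virtual_server = vs_realm2
}

# mods-enabled/sql1: named instance of the sql module (sql2 likewise, with its
# own radius_db). Settings not shown stay as in the stock mods-available/sql.
sql sql1 {
    driver    = "rlm_sql_mysql"
    radius_db = "radius_realm1"
}

# sites-enabled/vs_realm1: vs_realm2 is identical but calls sql2.
server vs_realm1 {
    authorize {
        preprocess
        sql1
        pap
    }
    authenticate {
        Auth-Type PAP {
            pap
        }
    }
    accounting {
        sql1
    }
}
# Alternative if several realms share one virtual server: the if/elsif goes
# in "authorize", after "suffix" has set Realm (realms defined in proxy.conf):
#     suffix
#     if (&Realm == "realm1") {
#         sql1
#     }
#     elsif (&Realm == "realm2") {
#         sql2
#     }
#     else {
#         sql
#     }
```

Giving each NAS its own shared secret and each sql instance its own database account keeps a compromise of one NAS or one database from exposing the others.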

